[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r9156: Reject hostnames with invalid characters, in an attempt to c (in tor/trunk: . doc src/or)
- To: or-cvs@xxxxxxxxxxxxx
- Subject: [or-cvs] r9156: Reject hostnames with invalid characters, in an attempt to c (in tor/trunk: . doc src/or)
- From: nickm@xxxxxxxx
- Date: Tue, 19 Dec 2006 14:49:00 -0500 (EST)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Tue, 19 Dec 2006 14:49:06 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-cvs@xxxxxxxxxxxxx
Author: nickm
Date: 2006-12-19 14:48:58 -0500 (Tue, 19 Dec 2006)
New Revision: 9156
Modified:
tor/trunk/
tor/trunk/ChangeLog
tor/trunk/doc/TODO
tor/trunk/src/or/config.c
tor/trunk/src/or/connection_edge.c
tor/trunk/src/or/or.h
Log:
r11645@Kushana: nickm | 2006-12-19 14:22:36 -0500
Reject hostnames with invalid characters, in an attempt to catch more errors earlier. Add an option to disable this behavior.
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r11645] on c95137ef-5f19-0410-b913-86e773d04f59
Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog 2006-12-19 19:48:54 UTC (rev 9155)
+++ tor/trunk/ChangeLog 2006-12-19 19:48:58 UTC (rev 9156)
@@ -25,6 +25,10 @@
NNTP by default, so this seems like a sensible addition.
- Authorities do not recommend exits as guards if this would shift excess
load to the exit nodes.
+ - Avoid some inadvertent info leaks by making clients reject hostnames
+ with invalid characters. Add an option to disable this behavior,
+ in case somebody is running a private network with hosts called @, !,
+ and #.
o Security bugfixes:
- Stop sending the HttpProxyAuthenticator string to directory
Modified: tor/trunk/doc/TODO
===================================================================
--- tor/trunk/doc/TODO 2006-12-19 19:48:54 UTC (rev 9155)
+++ tor/trunk/doc/TODO 2006-12-19 19:48:58 UTC (rev 9156)
@@ -96,12 +96,12 @@
o Add to Tor-resolve.py
- Add to tor-resolve
d - Be a DNS proxy.
- - Check for invalid characters in hostnames before trying to resolve
+ o Check for invalid characters in hostnames before trying to resolve
them. (This will help catch attempts do to mean things to our DNS
server, and bad software that tries to do DNS lookups on whole URLs.)
- - address_is_invalid_destination() is the right thing to call here
+ o address_is_invalid_destination() is the right thing to call here
(and feel free to make that function smarter)
- - add a config option to turn it off.
+ o add a config option to turn it off.
- Bug 364: notice when all the DNS requests we get back (including a few
well-known sites) are all going to the same place.
- Bug 363: Warn and die if we can't find a nameserver and we're running a
Modified: tor/trunk/src/or/config.c
===================================================================
--- tor/trunk/src/or/config.c 2006-12-19 19:48:54 UTC (rev 9155)
+++ tor/trunk/src/or/config.c 2006-12-19 19:48:58 UTC (rev 9156)
@@ -127,6 +127,7 @@
VAR("__AllDirActionsPrivate",BOOL, AllDirActionsPrivate, "0"),
VAR("AllowInvalidNodes", CSV, AllowInvalidNodes,
"middle,rendezvous"),
+ VAR("AllowNonRFC953Hostnames", BOOL, AllowNonRFC953Hostnames, "0"),
VAR("AssumeReachable", BOOL, AssumeReachable, "0"),
VAR("AuthDirBadExit", LINELIST, AuthDirBadExit, NULL),
VAR("AuthDirInvalid", LINELIST, AuthDirInvalid, NULL),
@@ -354,6 +355,8 @@
/* ==== client options */
{ "AllowInvalidNodes", "Where on our circuits should Tor allow servers "
"that the directory authorities haven't called \"valid\"?" },
+ { "AllowNonRFC953Hostnames", "If set to 1, we don't automatically reject "
+ "hostnames for having invalid characters." },
/* CircuitBuildTimeout, CircuitIdleTimeout */
{ "ClientOnly", "If set to 1, Tor will under no circumstances run as a "
"server, even if ORPort is as configued." },
Modified: tor/trunk/src/or/connection_edge.c
===================================================================
--- tor/trunk/src/or/connection_edge.c 2006-12-19 19:48:54 UTC (rev 9155)
+++ tor/trunk/src/or/connection_edge.c 2006-12-19 19:48:58 UTC (rev 9156)
@@ -1030,9 +1030,19 @@
static int
address_is_invalid_destination(const char *address)
{
- /* FFFF should flesh this out */
- if (strchr(address,':'))
- return 1;
+ if (get_options()->AllowNonRFC953Hostnames)
+ return 0;
+
+ while (*address) {
+ if (TOR_ISALNUM(*address) ||
+ *address == '-' ||
+ *address == '.' ||
+ *address == '_') /* Underscore is not allowed, but Windows does it
+ * sometimes, just to thumb its nose at the IETF. */
+ ++address;
+ else
+ return 1;
+ }
return 0;
}
Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h 2006-12-19 19:48:54 UTC (rev 9155)
+++ tor/trunk/src/or/or.h 2006-12-19 19:48:58 UTC (rev 9156)
@@ -1656,6 +1656,8 @@
* same network zone in the same circuit. */
int TunnelDirConns; /**< If true, use BEGIN_DIR rather than BEGIN when
* possible. */
+ int AllowNonRFC953Hostnames; /**< If true, we allow connections to hostnames
+ * with weird characters. */
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */